[stunnel-users] Looking to confirm that stunnel is encrypting traffic via wireshark

David Trebacz david at trebacz.com
Mon Dec 31 23:36:37 CET 2012

I'm using stunnel to encrypt newsgroup traffic. Essentially use stunnel
to encrypt port 119 traffic (from the Pan Newsreader) then securely
communicate over 563 with astraweb secure servers. The whole set-up is
described in detail in this blog post:

The system has been "working" for several months, but someone on the
blog asked how to confirm it. I checked my logs and each time I'm
finished using Pan/Stunnel to download anything I get several entries in
my syslog like:

stunnel: LOG5[2111:140426048358144]: Connection closed: 3259 byte(s)
sent to SSL, 16756212 byte(s) sent to socket

I started to wonder does this mean some of the traffic was encrypted,
but most wasn't?

I fired up wireshark filtered the results to show port 563 traffic (
filter set to tcp.port == 563) as was suggested in another post (
http://ubuntuforums.org/showpost.php?p=5400958&postcount=9). Wireshark
does show the traffic is correctly flow through port 563 with astrawebs
newsservers when requesting data, but how do I know the traffic is
encrypted? I inspected likely packets to contain encrypted data and I
don't see anything in plain text (but they're zlib compressed also).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121231/c504fc02/attachment.html>

More information about the stunnel-users mailing list